#!/bin/bash
#功能：禁用用户登录，依赖/etc/passwd实现


#############################

#SH
SHPATH=`readlink -f $0`
SHDIR=`dirname $SHPATH`
SHNAME="$0"

#DIR
LOG_DIR=$SHDIR/logs/$SHNAME
BAK_DIR=$SHDIR/bak/$SHNAME
TMP_DIR=$SHDIR/temp/$SHNAME
mkdir -p $LOG_DIR $BAK_DIR $TMP_DIR

#FILE
TMP_PATH=$TMP_DIR/user.list.temp
LOG_PATH=$LOG_DIR/`date +%F_%H%M%S`.user.log
BAK_PATH=$BAK_DIR/`date +%F_%H%M%S`.user.bak
BAK_INIT=$BAK_DIR/init_user.bak


#第一次备份
if [ ! -f $BAK_INIT ];then 
\cp /etc/passwd $BAK_INIT
echo "`date +%F_%H%M%S` INIT_BAK" >$LOG_DIR/init_bak.log
cat $BAK_INIT >>$LOG_DIR/init_bak.log
fi



#打印
user_print () {
echo "-------------------------------- 当前用户信息 --------------------------------"
>$TMP_PATH
while read LINE
do
(
	USER_NAME=`echo $LINE|awk -F ':' '{print $1}'`
	USER_SHELL=`echo $LINE|awk -F ':' '{print $NF}'`
	case `echo $USER_SHELL|awk -F '/' '{print $NF}'` in
		false)
		USER_STAT='禁用'
		;;

		nologin)
		USER_STAT='禁登'
		;;

		*)
		USER_STAT='启动'
		;;

	esac
	echo "$USER_NAME 	$USER_SHELL 	$USER_STAT" >>$TMP_PATH
)&
done </etc/passwd
wait
cat $TMP_PATH|sort  -k3 >$TMP_PATH.2 2>&1
cat $TMP_PATH.2 |awk '{printf "%-30s %-30s %-30s\n",$1,$2,$3}' |tee $TMP_PATH

}


#禁用
user_disable () {
USER_NAME=$1

	USER_LINE1=`cat /etc/passwd|grep "^${USER_NAME}:"|cut -d ":" -f 1,2,3,4,5,6`
	USER_LINE2='/bin/false'
	USER_LINE=${USER_LINE1}:${USER_LINE2}
	cat /etc/passwd|grep "^${USER_NAME}:"|grep  "false$|nologin" >/dev/null
	if [ $? -eq 0 ];then
		echo "Warning,$USER_NAME 禁用/禁登用户，无需操作。"
	else
		sed -i "/^${USER_NAME}:/c$USER_LINE" /etc/passwd
		if [ $? -eq 0 ];then echo "Success,$USER_NAME 用户禁用成功。" `cat /etc/passwd|grep "^$USER_NAME:"`;else echo "Error!$USER_NAME 用户禁用失败。";fi
		
	fi

}




#启用
user_enable () {
USER_NAME=$1

	USER_LINE1=`cat /etc/passwd|grep "^${USER_NAME}:"|cut -d ":" -f 1,2,3,4,5,6`
	USER_LINE2='/bin/bash'
	USER_LINE=${USER_LINE1}:${USER_LINE2}
	cat /etc/passwd|grep "^${USER_NAME}:"|grep  -v "false$|nologin" >/dev/null
	if [ ! $? -eq 0 ];then
		echo "Warning,$USER_NAME 非禁用户，无需操作。"
	else
		sed -i "/^${USER_NAME}:/c$USER_LINE" /etc/passwd
		if [ $? -eq 0 ];then echo "Success,$USER_NAME 用户启用成功。" `cat /etc/passwd|grep "^$USER_NAME:"`;else echo "Error!$USER_NAME 用户启用失败。";fi
		
	fi

}


#删除
user_del () {
USER_NAME=$1
userdel -f $USER_NAME
if [ $? -eq 0 ];then echo "Success,$USER_NAME 用户删除操作成功。";else echo "Error!$USER_NAME 用户删除操失败！";fi
rm -rf /home/$USER_NAME
if [ $? -eq 0 ];then echo "Success,$USER_NAME 家目录删除操作成功。";else echo "Error!$USER_NAME 家目录删除操失败！";fi
echo
}


user_print
#
while true
do

echo '
============================================================================
1.启用用户
2.禁用用户
3.打印用户
4.删除用户
0.退出

启用一个或多个用户范例： 1 user1 user2 user3 ...
禁用一个或多个用户范例： 2 user1 user2 user3 ...
'
read -p "请输入(操作序号 用户名):" KEY
if [ -z "$KEY" ];then continue;fi
KEY1=`echo "$KEY"|awk '{print $1}'`
KEY2=`echo "$KEY"|awk '{$1=null;print}'`

case $KEY1 in
	1)
	EXEC='user_enable'
	;;

	2)
	EXEC='user_disable'
	;;

	3)
	user_print
	continue
	;;

	4)
	EXEC='user_del'
	;;


	0)
	exit
	;;

	*)
	echo "Error!操作序号输入错误，请重新输入！"
	continue
	;;

esac


	for i in `echo $KEY2` 
	do
	cat /etc/passwd |grep "^$i:" >/dev/null
	if [ ! $? -eq 0 ];then echo "$i 用户不存在，跳过操作！" ;continue;fi
		$EXEC $i
	done
done











